The picture of a Google security message warning “attackers may be trying to steal your information from lastpass.com” was posted to Imgur three weeks ago. The photo raises questions about how long the attackers were in the LastPass network and how many accounts were affected.

LastPass says that no encrypted user data was pilfered, which means that names and passwords for individual accounts should be safe. However, the company is asking users to update their master passwords as soon as possible. Users who have a master password that is the same as a password on another site should change that password in both locations. The company is also encouraging users to add two-factor authentication to their accounts. Two-factor authentication requires another form of identification in addition to a password, like a PIN code sent to your phone.

Despite the company’s cautionary advice, LastPass said that passwords stored in its system are safe.

“We are confident that our encryption measures are sufficient to protect the vast majority of users,” wrote LastPass CEO Joe Siegrist in a blog post. LastPass protects plain-text passwords with a hashing mechanism slow enough that cracking them would require a significant amount of computing power.

Siegrist says his company first saw “suspicious activity” on its network last Friday. The bad actor was subsequently blocked, but not before he or she was able to snag some of the user data.

LastPass was also breached in 2011. Then and now, breaches like these challenge the wisdom of storing all of your passwords in the cloud.